Module security

HTTP Security Headers.

Specifications

• W3C Timing-Allow-Origin header

Example

use http_types::{StatusCode, Response};

let mut res = Response::new(StatusCode::Ok);
http_types::security::default(&mut res);

Structs

• ContentSecurityPolicy
  Build a Content-Security-Policy header.
• ReportTo
  Define report-to directive value
• ReportToEndpoint
  Define endpoints for report-to directive value
• TimingAllowOrigin
  Specify origins that are allowed to see values via the Resource Timing API.

Enums

• FrameOptions
  Set the frameguard level.
• ReferrerOptions
  Set the Referrer-Policy level
• Source
  Define source value

Functions

• default
  Apply a set of default protections.
• dns_prefetch_control
  Disable browsers’ DNS prefetching by setting the X-DNS-Prefetch-Control header.
• frameguard
  Mitigates clickjacking attacks by setting the X-Frame-Options header.
• hsts
  Sets the Strict-Transport-Security header to keep your users on HTTPS.
• nosniff
  Prevent browsers from trying to guess (“sniff”) the MIME type, which can have security implications.
• powered_by
  Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.
• referrer_policy
  Mitigates referrer leakage by controlling the referer[sic] header in links away from pages
• xss_filter
  Sets the X-XSS-Protection header to prevent reflected XSS attacks.